TheSupe87 - Fotolia
Is consumer data privacy at risk under cybersecurity legislation?
#GRCChat participants discuss how cybersecurity legislation could hurt data privacy and what personal information protections should be included in the new rules.
New U.S. cybersecurity legislation designed to prevent future data breaches continues to be debated by U.S. legislators, and consumer privacy remains a sticking point. Bills such as the Protecting Cyber Networks Act (PCNA) propose systems for private companies to share information about cyber threats with government agencies. Opponents fear that including this type of information sharing in cybersecurity legislation will hurt privacy by helping the U.S. government collect consumer data for law enforcement or surveillance purposes.
Proposed cybersecurity bills such as PCNA continue to raise questions about what U.S. citizens are willing to give up to prevent massive data breaches that have become the norm. Most agree that there should be some sort of cybersecurity legislation, but consumer data privacy remains a major priority. In this #GRCChat recap, participants discuss how cybersecurity legislation could affect privacy and what precautions should be taken to protect consumer data.
Will data sharing policies proposed in cybersecurity legislation hurt consumer privacy? Why or why not?
Although cybersecurity legislation is meant to protect consumer privacy, some think that it would actually undermine it. Detractors of cybersecurity legislation specifically worry about the amount of consumer data that would be available to the government should proposed bills become law. #GRCChat participants acknowledged privacy is a legitimate concern, but added that data sharing stipulations may be necessary:
A3 Privacy advocates are understandably concerned about gov data sharing, and fed using info for surveillance/crime investigations #GRCchat
— Ben Cole (@BenjaminCole11)
May 7, 2015
A3 Not doing anything could be worse: proposed laws are designed to prevent recent hacks of customer data at major retailers #GRCchat
— Ben Cole (@BenjaminCole11)
May 7, 2015
A3 The question is does consumer privacy suffer more with or without legislation? Is legislation a necessary evil, in other words? #GRCchat
— Nicole Laskowski (@TT_Nicole)
May 7, 2015
Although some #GRCchat-ters agreed that cybersecurity legislation is needed, they added that current proposed legislation is lacking from a consumer privacy standpoint:
A3 Greater #privacy protection thru some combo legislation, industry initiatives needed, but this effort fails to impress #grcchat
— knowlengr (@knowlengr)
May 7, 2015
Excellent point @knowlengr , you would think with NSA controversy consumer privacy would have been more of a priority #GRCchat
— Ben Cole (@BenjaminCole11)
May 7, 2015
The lack of a consumer presence wasn't the only fault found with proposed cybersecurity legislation. Participants thought that bills often demonstrated a lack of knowledge regarding technology and suggested that more experts should be consulted when creating cybersecurity legislation:
A3 Look @ Bill http://t.co/Ybyy6Cpnjx Little to help consumer #privacy - minimalist tech understanding of #bigdata #cybersecurity #grcchat
— knowlengr (@knowlengr)
May 7, 2015
R @TT_Nicole Mixed bag needed: some is stds organizations eg @USNISTgov @OasisOpen @HL7 @id_eco_system +pvt citizen engagement
— knowlengr (@knowlengr)
May 7, 2015
@TT_Nicole @knowlengr #grcchat Working around biases often requires a team approach w/ all biases exposed and counter-balanced.
— Forvalaka41 (@Forvalaka41)
May 7, 2015
A3 Proposal seems to have little support from security "specialists" http://t.co/uF67dyBNXM Not a good leading indicator #privacy #grcchat
— knowlengr (@knowlengr)
May 7, 2015
What privacy protections must be in cybersecurity legislation to ensure consumer data is not violated?
Participants discussed how some consumer data privacy sacrifices might be necessary to protect information under cybersecurity legislation, but added there is still a need for controls on what exactly the government can and cannot do with consumer data.
A5 citizens/consumers will likely have to get used to at least some public/private sector info sharing to protect cybersecurity #GRCchat
— Ben Cole (@BenjaminCole11)
May 7, 2015
@Fran_S_TT #grcchat An excellent point but it seems to be an #EpicFail for the inelligence community w/ big pendulum swings back and forth.
— Forvalaka41 (@Forvalaka41)
May 7, 2015
One participant stated that cybersecurity legislation still has a long way to go, especially when it comes to transparency:
A5 #Privacy measures needed are complex, beyond scope of chat, but educ'd citizen needs access,transparency,provenance,acc'blity #grcchat
— knowlengr (@knowlengr)
May 7, 2015
A5 Bill calls for YA #cybersecurity technology assessment, but existing evidence / guidelines not used, esp "training" + encryption #grcchat
— knowlengr (@knowlengr)
May 7, 2015
SearchCompliance site editor Ben Cole advocated for finding the right mix of government involvement and privacy protection, before pointing out the problem that innovation presents: New tech could either provide more security, or create new opportunities for data breaches.
A5 Will be very difficult, but gov has to find the right balance between U.S. cybersecurity strategy and privacy protection #GRCchat
— Ben Cole (@BenjaminCole11)
May 7, 2015
. @TT_Nicole yes def could build info protection in new tech....or could create more access for hackers/securityvulnerabilities #GRCchat
— Ben Cole (@BenjaminCole11)
May 7, 2015
How do you think cybersecurity legislation will affect consumer data privacy? Sound off in the comments section below.
Dig Deeper on Risk management and compliance
-
![]()
Women in cybersecurity work to grow voice in US lawmaking
By: Kate Gerwig
-
![]()
Go beyond compliance checklists to avoid information security breaches
By: Aislyn Fredsall
-
![]()
Changes in technology create new difficulties for GRC processes
By: Aislyn Fredsall
-
![]()
Will cybersecurity legislation's data sharing measures hurt privacy?
